Posted
by
samzenpuson Sunday April 27, 2014 @08:15PM
from the almost-good-enough dept.

CowboyRobot (671517) writes "Erik Meijer, known for his contributions to Haskell, C#, Visual Basic, Hack, and LINQ, has an article at the ACM in which he argues that 'Mostly functional' programming does not work. 'The idea of "mostly functional programming" is unfeasible. It is impossible to make imperative programming languages safer by only partially removing implicit side effects. Leaving one kind of effect is often enough to simulate the very effect you just tried to remove. On the other hand, allowing effects to be "forgotten" in a pure language also causes mayhem in its own way. Unfortunately, there is no golden middle, and we are faced with a classic dichotomy: the curse of the excluded middle, which presents the choice of either (a) trying to tame effects using purity annotations, yet fully embracing the fact that your code is still fundamentally effectful; or (b) fully embracing purity by making all effects explicit in the type system and being pragmatic by introducing nonfunctions such as unsafePerformIO. The examples shown here are meant to convince language designers and developers to jump through the mirror and start looking more seriously at fundamentalist functional programming.'"

Posted
by
Unknown Lameron Thursday April 24, 2014 @06:29PM
from the suggesting-some-knowledge dept.

peetm (781139) writes "Having visited with me and my wife recently, the girlfriend of an ex-student of mine (now taking an M.Sc. in pure CS) asked me to suggest useful books for her boyfriend: '... He recently mentioned that he would love to have a home library, like the one you have, with variety of good, useful and must-have books from different authors. ... Mostly, I was thinking your advice would be priceless when it comes to computer science related books, but .. I would appreciate any sort of advice on books from you. ...' Whilst I could scan my own library for ideas, I doubt that I'm really that 'current' with what's good, or whether my favorites would be appropriate: I've not taught on the M.Sc. course for a while, and in some cases, and just given their price, I shouldn't really recommend such books that are just pet loves of mine — especially to someone who doesn't know whether they'd even be useful.

Posted
by
timothyon Thursday April 24, 2014 @08:48AM
from the and-moving-forward-henceforth dept.

wiredmikey (1824622) writes "Technology giants including Microsoft, Google, Intel, and Cisco are banding together to support and fund open source projects that make up critical elements of global information infrastructure. The new Core Infrastructure Initiative brings technology companies together to identify and fund open source projects that are widely used in core computing and Internet functions, The Linux Foundation announced today. Formed primarily as the industry's response to the Heartbleed crisis, the OpenSSL library will be the initiative's first project. Other open source projects will follow. The funds will be administered by the Linux Foundation and a steering group comprised of the founding members, key open source developers, and other industry stakeholders. Anyone interested in joining the initiative, or donating to the fund can visit the Core Infrastructure Initiative site."

Posted
by
Soulskillon Tuesday April 22, 2014 @06:47PM
from the it's-dangerous-to-go-alone,-take-this-ipod dept.

An anonymous reader writes "Andrew Kelley was a big fan of the Amarok open source music player. But a few years ago, its shortcomings were becoming more annoying and the software's development path no longer matched with the new features he wanted. So he did what any enterprising hacker would do: he started work on a replacement. Three and a half years later, his project, Groove Basin, has evolved into a solid music player, and it's still under active development. Kelley has now posted a write-up of his development process, talking about what problems he encountered, how he solved them, and how he ended up contributing code to libav."

Posted
by
timothyon Tuesday April 22, 2014 @12:56PM
from the it-is-all-about-the-wilson dept.

Nerval's Lobster (2598977) writes "Last month, a report suggested that Austin has the highest salaries for tech workers (after factoring in the cost of living), followed by Atlanta, Denver, Boston, and Silicon Valley. Now, a new report (yes, from Dice, because it gathers this sort of data from tech workers) suggests that more tech people are earning six figures a year than ever. Some 32 percent of full-time tech pros took home more than $100,000 in 2013, according to the findings, up from 30 percent in 2012 and 26 percent in 2011. For contractors, the data is even better: In 2013, a staggering 54 percent of them earned more than $100,000 a year, up from 51 percent the previous year and 50 percent in 2011. How far that money goes depends on where you live, of course, but it does seem like a growing number of the world's tech workers are earning a significant amount of cash."

Posted
by
timothyon Tuesday April 22, 2014 @11:33AM
from the doesn't-seem-that-long-ago dept.

In N+1 magazine, David Auerbach explains what it was like in the "Chat Wars" of the late '90s, when he was the youngest person on the team developing Microsoft's brand-new messaging app, in the face of America Online's AIM, the 900-pound gorilla in the room. Auerbach explains how he used a network analyzer to fake out AOL's servers into letting Microsoft's client connect to AIM as well.
"AOL could only block Messenger if they could figure out that the user was using Messenger and not AIM. As long as Messenger sent exactly the same protocol messages to the AOL servers, AOL wouldn’t be able to detect that Messenger was an impostor. So I took the AIM client and checked for differences in what it was sending, then changed our client to mimic it once again. They’d switch it up again; they knew their client, and they knew what it was coded to do and what obscure messages it would respond to in what ways. Every day it’d be something new. At one point they threw in a new protocol wrinkle but cleverly excepted users logging on from Microsoft headquarters, so that while all other Messenger users were getting an error message, we were sitting at Microsoft and not getting it. After an hour or two of scratching our heads, we figured it out."
Eventually, though, AOL introduced x86 assembly code into the login protocol, and that not only stymied the MSM team, but led to some interesting warfare of its own. Auerbach's story sheds a lot of light on both good and bad aspects of corporate culture at the start of the 21st century, at Microsoft as well as other companies.

Posted
by
samzenpuson Monday April 21, 2014 @06:15PM
from the do-the-right-thing dept.

snydeq (1272828) writes "As software takes over more of our lives, the ethical ramifications of decisions made by programmers only become greater. Unfortunately, the tech world has always been long on power and short on thinking about the long-reaching effects of this power. More troubling: While ethics courses have become a staple of physical-world engineering degrees, they remain a begrudging anomaly in computer science pedagogy. Now that our code is in refrigerators, thermostats, smoke alarms, and more, the wrong moves, a lack of foresight, or downright dubious decision-making can haunt humanity everywhere it goes. Peter Wayner offers a look at just a few of the ethical quandaries confronting developers every day. 'Consider this less of a guidebook for making your decisions and more of a starting point for the kind of ethical contemplation we should be doing as a daily part of our jobs.'"

Posted
by
timothyon Sunday April 20, 2014 @06:37AM
from the the-good-kind-of-competition dept.

New submitter CrAlt (3208) writes with this news snipped from BSD news stalwart undeadly.org: "After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls. ... All combined, there've been over 250 commits cleaning up OpenSSL. In one week.'"
You can check out the stats, in progress.

Posted
by
Soulskillon Friday April 18, 2014 @01:06PM
from the don't-change-horses dept.

CowboyRobot sends in an article about how Samsung's constantly shifting plans for its smartwatches are making it hard for developers to commit to building apps. Quoting:
"Samsung's first smartwatch, released in October last year, ran a modified version of Google's Android platform. The device had access to about 80 apps at launch, all of which were managed by a central smartphone app. Samsung offered developers an SDK for the Galaxy Gear so they could create more apps. Developers obliged. Then Samsung changed direction. Samsung announced a new series of smartwatches in February: the Gear 2, Gear 2 Neo, and Gear Fit. Unlike the first device, these three run Samsung’s Tizen platform. ... This week, Samsung made things even more interesting. Speaking to Reuters, Yoon Han-kil, senior vice president of Samsung’s product strategy team, said the company is working on a watch that will use Google’s Android Wear platform. In other words, Samsung will bring three different watches to market with three different operating systems in under a year."

Posted
by
samzenpuson Thursday April 17, 2014 @10:02PM
from the who's-to-blame dept.

itwbennett (1594911) writes "Oracle is gearing up for a fight with officials in Oregon over its role developing an expensive health insurance exchange website that still isn't fully operational. In a letter obtained by the Oregonian newspaper this week, Oracle co-president Safra Catz said that Oregon officials have provided the public with a 'false narrative' concerning who is to blame for Cover Oregon's woes. In the letter, Catz pointed out that Oregon's decision to act as their own systems integrator on the project, using Oracle consultants on a time-and-materials basis, was 'criticized frequently by many'. And as far as Oracle is concerned, 'Cover Oregon lacked the skills, knowledge or ability to be successful as the systems integrator on an undertaking of this scope and complexity,' she added."

Posted
by
Soulskillon Wednesday April 16, 2014 @06:17PM
from the put-your-money-where-your-code-is dept.

just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article:
"The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."

Posted
by
Soulskillon Wednesday April 16, 2014 @03:30PM
from the you-totally-could-have-invented-flappy-birds dept.

msmoriarty writes: "According to a recent survey of 1,000 U.S.-based software developers, 56 percent expect to become millionaires in their lifetime. 66 percent also said they expect to get raises in the next year, despite the current state of the economy. Note that some of the other findings of the study (scroll to bulleted list) seem overly positive: 84 percent said they believe they are paid what they're worth, 95 percent report they feel they are 'one of the most valued employees at their organization,' and 80 percent said that 'outsourcing has been a positive factor in the quality of work at their organization.'"

Posted
by
Soulskillon Tuesday April 15, 2014 @10:05PM
from the in-the-server-room-with-the-lamp-stack dept.

An anonymous reader writes "Python guru Jeff Knupp writes about his frustration with the so-called 'DevOps' movement, an effort to blend development jobs with operations positions. It's an artifact of startup culture, and while it might make sense when you only have a few employees and a focus on simply getting it running rather than getting it running right, Knupp feels it has no place in bigger, more established companies. He says, 'Somewhere along the way, however, we tricked ourselves into thinking that because, at any one time, a start-up developer had to take on different roles he or she should actually be all those things at once. If such people even existed, "full-stack" developers still wouldn't be used as they should. Rather than temporarily taking on a single role for a short period of time, then transitioning into the next role, they are meant to be performing all the roles, all the time. And here's what really sucks: most good developers can almost pull this off.' Knupp adds, 'The effect of all of this is to destroy the role of "developer" and replace it with a sort of "technology utility-player". Every developer I know got into programming because they actually enjoyed doing it (at one point). You do a disservice to everyone involved when you force your brightest people to take on additional roles.'"

Posted
by
Soulskillon Tuesday April 15, 2014 @02:59PM
from the new-ways-to-argue-about-your-favorite-language dept.

An anonymous reader writes "Deciding which programming language to use is often based on considerations such as what the development team is most familiar with, what will generate code the fastest, or simply what will get the job done. How secure the language might be is simply an afterthought, which is usually too late. A new WhiteHat Security report approaches application security not from the standpoint of what risks exist on sites and applications once they have been pushed into production, but rather by examining how the languages themselves perform in the field. In doing so, we hope to elevate security considerations and deepen those conversations earlier in the decision process, which will ultimately lead to more secure websites and applications."

Posted
by
samzenpuson Monday April 14, 2014 @08:48AM
from the try-it-again dept.

SpacemanukBEJY.53u (3309653) writes "It took security researcher Willem Pinckaers all of 15 minutes to spot a flaw in code created by Akamai that the company thought shielded most of its users from one of the pernicious aspects of the Heartbleed flaw in OpenSSL. More than a decade ago, Akamai modified parts of OpenSSL it felt were weak related to key storage. Akamai CTO Andy Ellis wrote last week that the modification protected most customers from having their private SSL stolen despite the Heartbleed bug. But on Sunday Ellis wrote Akamai was wrong after Pinckaers found several flaws in the code. Akamai is now reissuing all SSL certificates and keys to its customers."

Posted
by
Soulskillon Friday April 11, 2014 @11:36AM
from the you-can't-teach-an-old-dog-how-to-use-a-for-loop dept.

theodp (442580) writes "Gigaom reports that while speaking at the Bloomberg Energy Summit on Wednesday, former NYC Mayor Michael Bloomberg said he gives 'a lot of money to the Sierra Club' to help close dirty coal plants, but added that as a society we have to 'have some compassion to do it gently.' Subsidies to help displaced workers are one option, said Bloomberg, while retraining is another option. But, in a slight to the tech industry's sometimes out-of-touch nature with workers outside of Silicon Valley, he said retraining needs to be realistic, 'You're not going to teach a coal miner to code,' argued Bloomberg. 'Mark Zuckerberg says you teach them to code and everything will be great. I don't know how to break it to you... but no.'"

Posted
by
samzenpuson Thursday April 10, 2014 @08:28PM
from the only-human dept.

nk497 (1345219) writes "The Heartbleed bug in OpenSSL wasn't placed there deliberately, according to the coder responsible for the mistake — despite suspicions from many that security services may have been behind it. OpenSSL logs show that German developer Robin Seggelmann introduced the bug into OpenSSL when working on the open-source project two and a half years ago, according to an Australian newspaper. The change was logged on New Year's Eve 2011. 'I was working on improving OpenSSL and submitted numerous bug fixes and added new features,' Seggelmann told the Sydney Morning Herald. 'In one of the new features, unfortunately, I missed validating a variable containing a length.' His work was reviewed, but the reviewer also missed the error, and it was included in the released version of OpenSSL."

Posted
by
timothyon Thursday April 10, 2014 @06:12PM
from the conscionable-vs.-unconscionable dept.

curtwoodward (2147628) writes "Entrepreneurs in Massachusetts say the state's legal enforcement of non-competition agreements hurts innovation — if you're going to get sued by Big Company X, you're probably not going to leave for a startup in the same industry. But those contracts have powerful supporters, including EMC, which is by far the state's largest tech company. Gov. Deval Patrick is finally picking a side in the debate by introducing his own bill to outlaw non-competes and adopt trade-secrets protections instead. Just one catch: he's a lame duck, and will be out of office in January."